Saturday, May 23, 2020

Public ICS Disclosures – Week of 5-16-20

This week we have two vendor disclosures for products from HMS and BD. There is also a researcher report on previously disclosed vulnerabilities from OSIsoft.

HMS Advisory

HMS published an advisory describing a certificate verification vulnerability in their eCatcher product. The vulnerability was reported by TÜV Rheinland. HMS has a new version that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

BD Advisory

BD published an advisory describing two Windows Adobe Type Manager Library vulnerabilities in various BD products. BD is currently working to test and validate the appropriate Microsoft patch for these vulnerabilities.

OSIsoft Report

Applied Risk published a report on vulnerabilities in the OSIsoft PI System. These vulnerabilities were previously disclosed by NCCIC-ICS. This report provides links to the OSIsoft report on the vulnerabilities, but that report is behind a customer registration wall.

No comments:

/* Use this with templates/template-twocol.html */